eCommerce and Online Sales Fraud Prevention in Canada

Melody McKinnon

2 years ago

Fraudulent online transactions are the dark side of eCommerce. The Internet is the “wild west” of fraud in a world that is becoming more secure at the offline payment level. It has become a point of easier access, without signatures, PIN numbers and chips.

March is Fraud Prevention Month and we’re observing it by addressing fraud as it applies to Canadian online sellers, be that a retailer or individual seller. The vast majority of online retailers say they’ve lost revenue due to fraudulent activity. In a 2015 report, J. Gold Associates found only 8% of merchants surveyed had no losses to Internet fraud in the past year. The other participants who tracked them reported losses of up to an alarming 50%. The losses correlate with a lack of fraud prevention measures, which is frequently due to a lack of knowledge and awareness.

Risky Business

The top three online retail categories targeted by digital thieves are travel, computers and electronics, and clothing. Thieves can use information obtained via customer data security breaches to make online purchases. Others simply use chargebacks to get free merchandise. The sad reality is, there are many ways fraudsters can steal from online retailers or their customers.

Website and Database Hacking

Malware

E-Wallet Fraud

App Store Fraud

Fake Mobile App’s

Account Hijacking (Phishing and Password Bots)

Stolen Credit Card Info

Chargebacks

Shipping Schemes

International shipping comes with its own security risks. It can be much more difficult to prove shipments have been received due to a lack of shipment tracking and options like a signature requirement. Plus, the postal system in some countries is less reliable than others and mail theft can be a big problem.

Mobile Fraud

The increased use of mobile devices in Canada has inevitably resulted in a substantial increase of fraud via mobile app’s. Investment in more mobile cyber security will easily pay for itself through loss prevention. That could be as simple as implementing a higher level of log-in authentication.

“This upgrading of login techniques will improve the security of transactions by more positively determining who and what device is being used, and should significantly reduce the threat levels and consequent fraud on mobile transactions,” states the report, Mobile eCommerce: Friend or Foe? A Cyber Security Study by J. Gold Associates.

The Risk to Individual Sellers and Small Businesses Selling on Auctions, etc.

We knew something was up when we received an eMail from someone who wanted to place a large order, and have it shipped to Malaysia using the customer’s choice of shipping company. They assured us that they would prepay via PayPal so there was no risk to us, right?

Wrong. Without proof that the shipment had arrived, they would be free to claim it hadn’t. PayPal would refund their payment and we would have lost both the inventory and the cost of shipping. We declined to “do business” with the individual and never heard from them again.

Sellers and merchants in online marketplaces must educate themselves in the latest scams to protect themselves from online fraud. Keep an eye on the seller forums provided by markets like Amazon and auctions like eBay, as well as their company newsletters. Keep your wits about you in any Classified Ads setting as well. If something a buyer requests seems odd, listen to your instincts and contact the marketplace management.

Online Sales Fraud Prevention

Online fraud prevention is a multi-faceted beast. Cyber criminals come at merchants from all sides, making it critical that all doors be locked up tight.

Virtually all eCommerce software, platforms and online marketplaces come with some level of built-in fraud protection. How extensive it is can vary so it pays to read the fine print and ask specific questions. Many eCommerce platforms, like Shopify Canada, support a number of third party payment gateways as well as their own. It’s up to you which one you use.

Often, transaction security is provided via the payment processor or payment gateway. Check their website or send them an eMail to find out details.

Consider purchasing anti-fraud software or services that are specifically designed to identify and flag online fraud during the purchasing process. The most successful online loss prevention solutions work by using relevant variables and behaviour tracking to analyze risk during the purchasing process, like ACL and IDEA. These “fraud analytics” are discussed in the book, Fraud Analytics: Strategies and Methods for Detection and Prevention.

Many online merchants are focusing on more involved log-in authentication to help prevent digital losses. In addition to the usual username and password, these merchants use IP information, device identification, telephone verification, challenge questions, and even biometrics.

If you’re suspicious, pick up the phone and call the credit card hotline to see if the card has been stolen.

Visa Canada suggests we watch for the following fraud prevention ‘red flags’ when processing orders and payments:

Large orders consisting of expensive products.

Orders that are larger than average.

Exceptionally frequent ordering using the same credit card number.

Repeat orders of the same product.

A shipping address that doesn’t match the billing address, or multiple shipping addresses with the same credit card number (use the credit card processor’s Address Verification System).

Orders from a single IP address with different names, addresses, and credit card numbers.

Obviously, these red flags should only make you more alert. They don’t necessarily mean the buyer is committing any cyber crime.

Online Business Fraud Prevention Resources

Your investment in fraud prevention will increase overall revenue with more legitimate sales and improved operational efficiency, while avoiding expenses like chargeback fees and manual verification. You can begin to assess the risk to your online business by using the self-assessment tools provided by RSA.